Swift: Fix spurious results for 'login' functions.

geoffw0 · geoffw0 · commit 3cecf6981822 · 2023-11-20T18:38:47.000Z
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -134,8 +134,8 @@ private class PrintfCleartextLoggingSink extends CleartextLoggingSink {
  * Holds if `f` is a function that might be a logging function.
  */
 private predicate logLikeHeuristic(Function f) {
-  f.getName().regexpMatch("(?i).*log.*") or
-  f.getDeclaringDecl().(NominalTypeDecl).getName().regexpMatch("(?i).*log.*")
+  f.getName().regexpMatch("(?i).*log(?!in).*") or
+  f.getDeclaringDecl().(NominalTypeDecl).getName().regexpMatch("(?i).*log(?!in).*")
 }
 
 /**
diff --git a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -360,11 +360,11 @@ func test7(authKey: String, authKey2: Int, authKey3: Float) {
     logging(message: authKey) // $ hasCleartextLogging=360
     logfile(file: 0, message: authKey) // $ hasCleartextLogging=361
     logMessage(NSString(string: authKey)) // $ hasCleartextLogging=362
-    logInfo(authKey) // $ hasCleartextLogging=363
+    logInfo(authKey) // $ MISSING: hasCleartextLogging=363
     logError(errorMsg: authKey) // $ hasCleartextLogging=364
     harmless(authKey) // GOOD: not logging
     logarithm(authKey3) // GOOD: not logging
-    doLogin(login: authKey) // $ SPURIOUS: hasCleartextLogging=367 (not logging)
+    doLogin(login: authKey) // GOOD: not logging
 
     let logger = LogFile()
     let msg = "authKey: " + authKey
